Lookout Blog (https://blog.lookout.com/feed/atom/), updated 2015-03-26T21:44:49Z

Lookout | http://blog.lookout.com/?p=15876 | updated 2015-03-26T21:44:49Z | published 2015-03-24T12:00:39Z

Lookout today announced the findings of its Mobile Privacy IQ study, a survey of smartphone owners in the United States, that examines data-based trends about our privacy mindsets and how they inform our perceptions, behaviors, and feelings toward privacy when using mobile devices.

What we found is that despite being increasingly tuned in to the importance of protecting the data on their mobile devices, a clear disconnect exists between people’s understanding of what it means to be privacy conscious and the actions they take in the real world.

Key findings include:

People (particularly Millennials) claim to be highly aware of privacy issues yet still take part in risky mobile behavior like downloading apps from unofficial app stores and not reading app permissions.

Although people express concern over how mobile apps are handling their information, they are willing to make the trade-off for convenience over privacy.

A large percentage of smartphone owners care least about protecting work data on their devices, placing personal data over all other forms.

Lookout | http://blog.lookout.com/?p=15883 | updated 2015-03-24T18:45:14Z | published 2015-03-23T07:00:19Z

In 2015 we’re living in a ‘Privacy Zeitgeist’, with new Lookout/ICM research showing that Brits are now hyper-vigilant about protecting the privacy of the data on their mobile phones. Partially driven by recent events such as the Snowden revelations, high-profile data breaches and celebrity photo-leaking incidents, and partially by a growing awareness and sensitivity to the treasure trove of data that our mobiles hold – it’s clear, privacy is top-of-mind in the UK.

Lookout’s Privacy Zeitgeist research, based on a 2015 ICM survey of 1,000 smartphone owners in the United Kingdom, examines data-based trends about our privacy mindsets. While perspectives on what’s most important with mobile privacy differ depending on gender and age, Brits appear to be demonstrating a heightened sense about its overall importance.

Brits: “We’re committed to mobile privacy”

Good news, Brits report that they’re both conscientious and accountable when it comes to protecting the privacy of the personal data shared via smartphones. Three out of every four consumers (73%) claim that they are now very careful about protecting their personal privacy. With privacy constantly in the headlines, Brits now feel the need to personally take responsibility for their own data (67%), while far fewer (4%) feel it is up to the government to protect their data.

Lookout also found that Windows Phone owners are much more privacy-conscious than Android and iPhone users – 41% always consider their mobile privacy when using their handsets, compared with 26% for both Android & iPhone.

News headlines are changing our views on privacy

Today, it’s commonplace to see high-profile security breaches or privacy faux pas splashed across the front pages of the news. According to Lookout’s survey results, these current events are making people more conscious of the need to protect their personal data.

Brits aren’t willing to negotiate away their privacy

When it comes to privacy, Brits won’t compromise – two thirds are not willing to share more data via their mobile apps in return for a cheaper (68%) or a more tailored service (66%).

However, the younger generations are more willing to bargain away their privacy: 21% of those aged 18-34 would share more information for a cheaper service, compared to just 7% of those aged 55 and above.

“With data privacy issues continuing to dominate the headlines in 2015, it’s clear that UK consumers are taking a stand and putting the privacy of their mobile data in their own hands.

While this is a very positive development, at the same time UK consumers are still showing some concerning knowledge gaps about privacy issues, as well as continuing to partake in some risky behaviours. As an industry we must focus on being absolutely transparent with consumers around privacy, and ensure they fully understand the access they are giving away via their mobile phones.”

– Thomas Labarthe, Managing Director, Lookout EMEA

Work information takes the backseat to personal and family information

Lookout | http://blog.lookout.com/?p=15869 | updated 2015-03-19T22:59:18Z | published 2015-03-20T16:00:06Z

What is the FREAK vulnerability?

FREAK is the latest in a line of recently uncovered vulnerabilities affecting the way communications are secured over the Internet. Specifically, it impacts SSL/TLS, and the name stands for “Factoring attack on RSA-EXPORT Keys”. The bug allows an attacker who sits in the middle of an HTTPS connection between a vulnerable client and server to force the connection to use a less secure version of encryption. This downgraded encryption may allow an attacker to obtain your data.

Is Lookout affected?

No, Lookout’s infrastructure is not impacted by the FREAK vulnerability. Users are not at risk through Lookout’s product; however, that does not mean that your device itself is not otherwise vulnerable.

What can I do to protect myself?

Unfortunately, like the Heartbleed and POODLE vulnerabilities, people need to wait for a patch from their carrier or device manufacturer to be released. Apple has released a patch for Safari on iOS and Mac OS. Google has promised a patch, but has not yet released one.

If you’ve received an official manufacturer or carrier update to your operating system, install it!

Lookout | http://blog.lookout.com/?p=15871 | updated 2015-03-19T16:12:51Z | published 2015-03-19T15:00:31Z

In the continued quest to build out the best leadership in the industry, Lookout has hired a chief marketing officer, Deb Wolf, and vice president of platform products, Santosh Krishnan.

Deb and Santosh will help Lookout seize the opportunity we have across both consumer and enterprise businesses by accelerating our ability to deliver innovative products and develop successful relationships with our customers. But what was it that brought these accomplished leaders to Lookout? It’s always best to hear directly from the source.

Check out our Q&A with Deb and Santosh and learn a little more about them in their own words:

Deb Wolf, Chief Marketing Officer

Q: Why are you a key ingredient in Lookout’s success both on the consumer side and the enterprise side?
A: I’ve worked on brands, large and small, and marketed to a variety of businesses for the last 25 years and I’m excited about bringing that enterprise focus to Lookout. It’s about identifying personas, bringing the customer to life for all Lookout employees, so we can get to know them and build excellent products and experiences for them. Lookout has had a really interesting relationship with the consumer. It’s been very personal, a one-on-one interaction building trust. Now, we’re out to make global organizations as secure as possible and are developing that same sort of relationship with CSOs and CIOs. I’m excited to help us understand their needs and build products that provide protection and peace of mind to everyone who leans on Lookout.

Q: What impact do you hope to have on Lookout?
A: I want Lookout to be the Kleenex of security: whether you’re using it for your personal life or your business, you know we’re the gold standard in protecting your mobile devices. The ultimate test of our success is whether or not we’ve delighted our customer. We will need to be the CSO’s partner, working alongside them, giving them peace of mind. We’ve got the consumer’s back, keeping their individual data and privacy secure. We’re the industry’s voice of reason, making sure people know what they should really watch out for. I want to make sure everyone knows we’re the ultimate security solution for anyone.

Q: What was the opportunity that you saw here?
A: Lookout has a really unique opportunity to be both a consumer and enterprise company, something not many companies have successfully accomplished. The problem of mobile security is universal across both audiences — whether you’re a regular Joe using your phone for everyday things or an enterprise whose employees bring their phones into the corporate network every day. Lookout is uniquely positioned to address both groups’ needs and be the trusted security solution for everyone. This is a tremendous opportunity and challenge that I look forward to taking on.

Q: Why do you think people should care about mobile security?
A: Security isn’t something the world should have to worry about. It’s something they should rely on us to worry about. Smart, mobile devices, whether it’s a phone, tablet, watch, whatever, aren’t going away. The closer and more intimate these connected devices get, the more we forget about securing them. It’s that moment when the phone is stolen, or the tablet gets malware, that’s where Lookout steps in. We’re in the peace-of-mind business: worrying so you don’t have to.

Q: Where do you see mobile security in 5 years?
A: I hope security is built into the fabric of all connected devices, keeping the device and data safe in a predictive way. Mobile security will move beyond the reactionary and start learning about the world of threats, identifying potential threats before they ever reach that precious connected device. It needs to be core to the piece or operating system, helping power the device.

Santosh Krishnan, VP of Platform Products

Q: What impact do you hope to have on Lookout?
A: My goal is to create new products with our security platform that we haven’t really thought of before. Right now we have three different product lines: our awesome consumer app that has won us over 60 million users, our enterprise product that we’re building out with our dataset of the world’s mobile code, and our security platform, the unique technology that powers our mobile protection. I’m working to enhance and extend that third product line, scratching the surface of security platform-as-a-service offerings.

Q: Why are you a key ingredient in Lookout’s success both on the consumer side and the enterprise side?
A: I’ve built companies from the ground up the way Lookout’s co-founders John Hering and Kevin Mahaffey have, but I’ve also managed sizeable product-lines at larger companies. Right now, Lookout is growing into a larger company with multiple product lines. I’m hoping to bring a little bit of that experience with an understanding of the growing pains it takes to get there.

Q: What was the opportunity that you saw here?
A: I’m impressed by what the company has done in terms of acquisition — Lookout has built a platform that has over 60 million users and a dataset of over eight million apps. The hard part of building a SaaS business and scaling it to those numbers has already been achieved. The opportunity now is in figuring out how to extend it to many different audience-types and I’m looking forward to that challenge.

Q: Where do you see mobile security in 5 years?
A: The real question is: will “mobile security” remain as a separate domain, or will it just become “security” at that point. More and more endpoints are becoming mobile, especially with the growth of BYOD in the enterprise. Indeed, mobile devices may become the only relevant end points going forward. As these devices become ubiquitous, protecting them against a diversity of threats will remain one of the most important challenges of this generation of security technologies.

Q: What’s the first big project you want to take on at Lookout?
A: I plan on creating a new product strategy for our security stack, and building out the business cases for new platform-as-a-service offerings from there. It’s exciting to look at the possibilities we have with such unique technology and I’m looking forward to jumping in head first.

Unfortunately, even official app stores’ app-vetting systems are not perfect. Lookout has found 13 instances, or apps, with adware in Google Play, some of which pretend to be Facebook and have malware-like characteristics that make them difficult to remove from the phone.

We alerted Google to these 13 instances and the company quickly removed them from the store. All Lookout users are protected against this threat.

Two families of adware called HideIcon and NotFunny hide within the 13 new instances Lookout found. In total, these instances have been downloaded over half a million times on the high end of Google’s download count and around 130,000 on the low end. Let’s take a look at the latest threats:

HideIcon

How many instances: 1

What is it: HideIcon has some qualities of malware: once it’s on the device, it does just what its name suggests and hides its icon. That might not seem like a big deal, but it is much harder to remove an app from your phone when you don’t know it exists. After it hides the icon, variants of HideIcon will push aggressive ads to the user, disrupting their experience of the device. There seem to be no terms of service and the app does not provide value to the user.

What were the instances like: The app pretends to be the card game complete with a description in Google Play on how to play. At the time of removal, people downloaded the app 1,000 to 5,000 times.

NotFunny

How many instances: 12

What is it: NotFunny has two parts: a “dropper” and the “payload,” or the adware itself. The dropper hides in applications such as a “free Christmas ringtones app,” wallpaper apps, a fake laser pointer app, and others. When a victim downloads one of these apps and launches it, the dropper prompts him to download the payload. This payload app pretends to be Facebook: it drops a Facebook icon into the phone’s app launcher and asks for a number of permissions, including “your personal information,” “services that cost you money,” “your messages,” and “your location.” Once installation is complete, the payload hides its icon.

Like most adware, the payload pushes aggressive advertising to the phone, disrupting the user’s experience. The code is fairly rudimentary and does not indicate that a sophisticated adversary is behind the threat.

What were the instances like: Lookout found 12 different instances of NotFunny in Google Play from a number of different developer accounts. Whether these accounts were run by different individuals is unknown. The apps ranged in topic from a “funny voice changer” to tools that supposedly change your battery widget into things like a burning cigarette. It’s easy to imagine a situation in which someone who just got a brand new phone would go running to download new, fun apps to personalize their experience of the device and stumble upon these.

After Google removed a group of applications, the developer behind them re-uploaded two of the apps, this time with the adware component removed. This could suggest that the developer added adware into the app without knowing its aggressive properties or didn’t understand Google’s rules. Of course, the developer could also simply have realized he or she wasn’t going to get away with it anymore.

Can we trust Google Play?

The short answer is yes. It takes industry collaboration to be able to secure app store environments, and Google works diligently with security companies to ensure the apps in Google Play are of quality. When a rogue app does slip through, Google removes it as quickly as possible.

But the reality is, we need multiple lines of defense to make sure that our devices are safe.

How to stay safe

Make sure you’re reading app reviews — if they say, “This app keeps giving me ads!” or other negativity, second guess the app

Download from known or trusted developers. Do a little research on the developer if you feel as if an app is obscure.

Make sure you have a security app installed that can detect threats such as adware before they disrupt you

Read app permissions before you install an application.

How to remove adware

There are two ways to uninstall an app from your Android device if the app hides its icon.

You can remove it through the settings menu:

Navigate to your Android device’s setting menu

Select “apps” or “application manager”

Locate the app you wish to uninstall and tap it

Select “uninstall”

Or, you can directly uninstall it from the Google Play store:

Navigate to the Google Play Store app

Tap the menu icon

Navigate to “My apps”

Tap the app in question

Select “uninstall”

Lookout | http://blog.lookout.com/?p=15866 | updated 2015-03-17T17:51:02Z | published 2015-03-17T17:51:02Z

Spring is here, which means it’s time to roll up your sleeves and do some serious cleaning. There’s more to tidy up than your house, though; your phone is probably overflowing with photos, apps and clutter you could do without. Here are six tips to help you freshen up your phone — once you’re done, your phone will thank you!

Here’s how to clear the (digital) clutter:

Update your settings: Do you allow downloading from unknown sources? (Hint: You should check “no”). Does your phone automatically connect to WiFi networks that might not be secure? (No). Is your device encrypted? (Yes). Spending a few minutes to make sure your phone settings keep the bad stuff out can save a lot of heartache later on.

Change your passwords: Between your phone, tablet, and computer, how many accounts are you logged into right now? Do you even know? Change your passwords to your most used accounts, especially if they hold important financial or personal information. If you’re using the same passwords across many accounts (not that you would ever do anything like that), using unique passwords on the important ones will leave you much less vulnerable to fraud.

Review app permissions: If that so-called free app is requesting access to your financial info, you might have downloaded more than you bargained for. It’s best to read reviews and check permissions before you download an app, but you can always double check what data your apps are collecting and uninstall the ones that seem fishy.

Uninstall forgotten apps: Remember that app that was all the craze for about a week three months ago? Yeah, neither do we. Most of us have about 10 apps we use ALL the time, but the rest can build up into a crowded graveyard of forgotten apps. Factor in the fact that some of the lesser known ones may not have the best privacy standards, and it’s better to just cut the cord.

Back up contacts and photos: Be honest, how much do you love taking pictures of your lunch? We have nothing against your extensive album of sandwich pics, but they’re probably taking up space you could be using for other things (like more lunch pics). There’s no reason that valuable data has to live only on your phone — we’re living in the digital age! Back up what matters, delete what doesn’t, and your phone will be running more efficiently in no time.

Be proactive: Download a mobile security app like Lookout to make sure you and your phone don’t encounter too much trouble before your next spring cleaning.

Lookout | http://blog.lookout.com/?p=15864 | updated 2015-03-16T18:53:56Z | published 2015-03-16T18:53:33Z

Lookout’s VP of products, Aaron Cockerill, wants to talk with you about whether iOS or Android is more secure, because guess what: the answer is not that simple.

But we can’t do it without your help. We need your votes for Aaron’s RSA talk and here’s why:

Both ecosystems have traditionally been pitted against each other as the top two owners of smartphone market share. But a number of new players are injecting new risk and new reward into the mobile landscape, fundamentally changing the debate.

We want to strike up serious discussion about how AOSP phones are changing mobile and app security, how homegrown enterprise apps are shaking up iOS app security, and what enterprise IT departments can do to prepare for the change. Come armed with your own questions and we’ll get a valuable conversation started.

Want to be a part of it all? Please vote for the talk and share it with your friends!

Meghan Kelly | http://blog.lookout.com/?p=15858 | updated 2015-03-18T00:44:59Z | published 2015-03-05T20:00:42Z

The iOS App Store is not the impenetrable walled garden you think it is.

For years consumers have lifted up iOS as the safe mobile operating system. Comparatively, it does see much less malware than Android likely due to its rigorous manual testing of App Store apps and technological limitations that only allow approved apps on iOS devices. But to believe you’re 100 percent in the clear if you’re using an iOS device is a mistake.

Today, iOS malware looks a lot like Android malware in 2010. Android malware got its foothold in 2010 when researchers found the first trojan called “FakePlayer” in the wild. A year later, in 2011, we saw the first Android malware in the Google Play store called DroidDream.

Thus far, iOS malware has followed a similar pattern with threats appearing in the wild for jailbroken devices, moving to non-jailbroken devices, and finally sneaking into the official App Store. And while that was far from the end of the Android malware story, it’s just beginning for iOS. Kevin Mahaffey, Lookout’s chief technology officer, predicts that as iOS continues to grow around the world, particularly in emerging markets, we’ll likely see more attackers focus their efforts on mainstream iOS users.

“Bad guys are rational economic actors. Because Android is so much more popular in the world they’re targeting the largest platforms first,” says Kevin Mahaffey. “But criminals are soon going to double down on iOS with targeted attacks.”

Android and iPhone malware: the technical abilities aren’t all that different

Apple’s app review process — a manual one where humans look at each app that is approved for distribution in the official App Store — has done a good job of keeping less sophisticated malware off iOS devices, though it’s not perfect. For the malware that does make it onto iOS devices, attacks can actually execute a lot of the same malicious actions. Lookout has observed iOS attacks that can do the following:

It’s much more of a level playing field than is generally assumed. Of course, the number of people actually affected by malware is significantly higher on Android, but in terms of what malware can do when actually on the device, the groundwork has been laid for significant threats to emerge.

iOS threats to date

Threats already exist for iOS and they aren’t trivial. Malicious actors are taking advantage of enterprise provisioning profiles, which are difficult to get, but once attackers have one, they are able to push any application they want to any device. A number of the more current threats to iOS, including WireLurker and XAgent, use this tactic. Indeed, the world of iOS malware will continue to change, but let’s take a peek at what the landscape looks like today:

Lookout | http://blog.lookout.com/?p=15853 | updated 2015-02-24T17:57:16Z | published 2015-02-18T01:18:43Z

We are deeply sorry to anyone affected by what we’ve determined to be a software bug in our billing system.

Due to the bug, we did not properly process cancellations for a small percentage of customers whose subscriptions were appropriately cancelled by Sprint. Those customers who cancelled through the Lookout app or website were not impacted.

We have deployed a fix to the problem.

We take this matter very seriously and will be working closely with Sprint to issue refunds to all affected customers.

Above all else, our mission is to make people feel safe and secure while using their mobile devices. We are taking the necessary steps to ensure that our customers don’t encounter similar technical issues in the future.

If you have experienced this issue, please email us at supporthotline@lookout.com.

Lookout | http://blog.lookout.com/?p=15852 | updated 2015-01-23T00:26:13Z | published 2015-01-23T00:26:13Z

Lookout has hired on a vice president of Federal Systems, Bob Stevens, as part of a company initiative to make the government workforce more productive through the secure use of mobile devices.

“As federal agencies adopt BYOD and other mobility programs to reduce costs, increase productivity and effectiveness, and appeal to a changing workforce, the growth and sophistication of mobile malware must be addressed,” said Stevens. “Mobile devices store and transmit immense amounts of data, are highly portable and constantly connected to unsecured networks, making them an extremely weak link in the security ecosystem. At Lookout, we have access to virtually all the mobile code in the world, which allows us to predict and stop mobile attacks before they do harm and make it safer for mobile devices to be used in the federal workplace.”

To bring Lookout’s predictive mobile security to the federal market, we have partnered with Carahsoft, a leading government IT solutions provider.

We are also forming the Lookout Federal Systems Advisory Board to help us establish strategies and guide future product development to satisfy the unique requirements of the federal space. The Board is chaired by Roger Cressey, the former director of National Security Council and an expert on cybersecurity and counter-terrorism.

It’s possible to enable mobility without sacrificing security. Learn more about our efforts to bring predictive mobile security to the federal government in Bob’s article on LinkedIn and in our press release.